Introduction:
In this blog, we will learn how to set item-level permissions on a list item or a document when a new item or document is created or modified in a SharePoint List/Library. Using Power Automate (MS Flow), we can achieve this by breaking inheritance and assigning specific permissions to a SharePoint User/Group.
Here are the detailed steps to follow in your SharePoint Online tenant to meet the requirement.
Step 1: Create a new flow from the blank template. Add the trigger “When a file is created or modified in a folder” and enter your Site address URL (http://yourtenant.sharepoint.com) and the List/library URL (/SitePages) for which you need to set unique permissions.
Step 2: Add an action “Get file metadata” and configure it with the values shown in the screenshot below.
Step 3: Add the next action “Get file properties” and configure it with the values shown in the screenshot below.
Step 4: Add an action “Initialize Variable”, Name it as “AuthorPrincipal” as shown in the below screenshot. This will be used to store Author User Principal id.
Step 5: Add one more action called “Initialize Variable”, rename it as “GroupID” as shown in the below screenshot. This will be used to store Principal Id of SharePoint Group.
Step 6: Then we need to add an action called “Send an HTTP request to SharePoint” to break permission inheritance on the item, passing the parameters shown in the screenshot below.
Step 7: Now, to assign specific permission to a user on that item, first we need to get the Principal Id of the user (here, Modified By user). For that, add another action “Send an HTTP request to SharePoint” and configure all fields as shown in the below screenshot.
Step 8: Now, store the Principal Id of that user in a variable. To do that, add the action “Set Variable” and set the value to => Body('Send_an_HTTP_request_to_Sharepoint_2')['d']['id']
Step 9: Now to assign permission to item/document, add an action “Send an HTTP request to SharePoint” and configure fields as shown in the below screenshot. Here, we are assigning Contribute permission to Last Modified By User.
To assign permission to a SharePoint group, you can follow steps 10, 11 & 12 instead of 7, 8 & 9 and set up the flow accordingly.
Step 10: First, to get the Principal Id of the SharePoint group, add an action “Send an HTTP request to SharePoint” with the values shown in the screenshot below.
- Set Uri as “/_api/Web/SiteGroups/GetByName('Your-group-name')”
Note: “Content-Approval” is a custom SharePoint group.
Step 11: Now, to store the Principal Id in a variable, add an action “Set Variable”, rename it as “Set-GroupID” and configure it with the value => Body('Send_an_HTTP_request_to_Sharepoint_5')['d']['id']
Step 12: Now, to assign permission to that SharePoint group, we need to add an action “Send an HTTP request to SharePoint” and configure its values as shown in the screenshot below.
Important Notes:
1. Below is a table listing the Role Definition Names and Ids that can be used in MS Flow as per requirement.
| Role Definition Name | Role Definition Id |
|---|---|
| Full Control | 1073741829 |
| Design | 1073741828 |
| Edit | 1073741830 |
| Contribute | 1073741827 |
| Read | 1073741826 |
| View Only | 1073741924 |
2. Also, we can reset the permissions and restore the parent-level permissions on the item by adding an action "Send an HTTP request to SharePoint" with the values shown in the screenshot below.
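
The Uri values behind the HTTP actions in steps 6, 9, 10 and 12 and in note 2, as an added example that is not part of the original post. The endpoint paths are the standard SharePoint REST ones and are an assumption about what the screenshots contain; the helper names are hypothetical, and the list title, item id and principal id are constructed sample values.

```python
# Builds the (method, Uri) pairs for "Send an HTTP request to SharePoint".
# Role definition ids are the ones listed in this post's table.
ROLE_DEFINITION_IDS = {
    "Full Control": 1073741829, "Design": 1073741828, "Edit": 1073741830,
    "Contribute": 1073741827, "Read": 1073741826, "View Only": 1073741924,
}

def odata_literal(value):
    """Wrap a string as an OData literal; a single quote inside it is doubled."""
    return "'" + value.replace("'", "''") + "'"

def positive_int(value, name):
    """Ids go into the Uri unquoted, so accept nothing but a positive integer."""
    if isinstance(value, bool) or not isinstance(value, int) or value <= 0:
        raise ValueError(f"{name} must be a positive integer")
    return value

def item_uri(list_title, item_id):
    return (f"_api/web/lists/getByTitle({odata_literal(list_title)})"
            f"/items({positive_int(item_id, 'item_id')})")

def group_lookup_uri(group_name):
    """Step 10: look up a SharePoint group to read its principal id."""
    return f"_api/Web/SiteGroups/GetByName({odata_literal(group_name)})"

def permission_requests(list_title, item_id, principal_id, role_name, copy_inherited=False):
    """Steps 6 and 9/12: break inheritance, then grant one role to one principal."""
    if role_name not in ROLE_DEFINITION_IDS:
        raise ValueError(f"unknown role definition: {role_name!r}")
    base = item_uri(list_title, item_id)
    pid = positive_int(principal_id, "principal_id")
    copy = "true" if copy_inherited else "false"
    return [
        ("POST", f"{base}/breakroleinheritance(copyRoleAssignments={copy},clearSubscopes=true)"),
        ("POST", f"{base}/roleassignments/addroleassignment"
                 f"(principalid={pid},roledefid={ROLE_DEFINITION_IDS[role_name]})"),
    ]

def reset_request(list_title, item_id):
    """Note 2: return the item to the parent's permissions."""
    return ("POST", f"{item_uri(list_title, item_id)}/resetroleinheritance")

if __name__ == "__main__":
    # Constructed sample values: list "Site Pages", item id 12, principal id 7.
    for method, uri in permission_requests("Site Pages", 12, 7, "Contribute"):
        print(method, uri)
```

With copyRoleAssignments=false the item does not keep a copy of the parent's role assignments; with true it keeps them, so the grant in step 9 or 12 only adds to the access users already had.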